From 2539a6fc09d8a6d5bfe242945bc9be040886d119 Mon Sep 17 00:00:00 2001 From: HD Moore Date: Sun, 14 Feb 2010 19:07:15 +0000 Subject: [PATCH] Updated nmap parsing, store notes for last boot and os matches git-svn-id: file:///home/svn/framework3/trunk@8494 4d416f70-5f16-0410-b530-b9f4589650da --- lib/msf/core/db.rb | 31 ++++++++++++++++++++++++++++++- lib/rex/parser/nmap_xml.rb | 4 ++++ 2 files changed, 34 insertions(+), 1 deletion(-) diff --git a/lib/msf/core/db.rb b/lib/msf/core/db.rb index d507037682..ba0e990a35 100644 --- a/lib/msf/core/db.rb +++ b/lib/msf/core/db.rb @@ -1123,7 +1123,7 @@ class DBManager data[:state] = (h["status"] == "up") ? Msf::HostState::Alive : Msf::HostState::Dead # XXX: There can be multiple matches, but we only see the *last* right now - if (h["os_accuracy"] and h["os_accuracy"].to_i > 75) + if (h["os_accuracy"] and h["os_accuracy"].to_i > 95) data[:os_name] = h["os_vendor"] data[:os_sp] = h["os_version"] end @@ -1151,6 +1151,35 @@ class DBManager report_host(data) + if( data[:os_name] ) + note = { + :host => addr, + :type => 'host.os.nmap_fingerprint', + :data => { + :os_vendor => h["os_vendor"], + :os_family => h["os_family"], + :os_version => h["os_version"], + :os_accuracy => h["os_accuracy"] + } + } + + if(h["os_match"]) + note[:data][:os_match] = h['os_match'] + end + + report_note(note) + end + + if (h["last_boot"]) + report_note( + :host => addr, + :type => 'host.last_boot', + :data => { + :time => h["last_boot"] + } + ) + end + # Put all the ports, regardless of state, into the db. h["ports"].each { |p| extra = "" diff --git a/lib/rex/parser/nmap_xml.rb b/lib/rex/parser/nmap_xml.rb index daa69d1831..4493aa5d31 100644 --- a/lib/rex/parser/nmap_xml.rb +++ b/lib/rex/parser/nmap_xml.rb @@ -64,6 +64,10 @@ class NmapXMLStreamParser @host["os_family"] = attributes["osfamily"] @host["os_version"] = attributes["osgen"] @host["os_accuracy"] = attributes["accuracy"] + when "osmatch" + if(attributes["accuracy"].to_i == 100) + @host["os_match"] = attributes["name"] + end when "uptime" @host["last_boot"] = attributes["lastboot"] when "hostname"